[Cryptography] Langsec & authentication
Jerry Leichter
leichter at lrw.com
Tue May 27 14:45:01 EDT 2014
On May 27, 2014, at 11:42 AM, Theodore Ts'o <tytso at mit.edu> wrote:
> ...[C]ompetent JSON readers do not parse JSON by exec'ing the
> JSON as javascript, but rather by explicitly parsing it. It's true
> that a config language such as this:
>
> FOO=value1
> BAR=value2
>
> can be parsed by a shell script using ". config", but that doesn't
> mean that this is the only way, or even the advisable way, to parse
> such an encoding!

And yet it's *way* too common. Someone realizes that there are cases where it would be handy to write:

    FOO=value1
    BAR=<something meaning "the same as FOO">

which of course is trivial in shell syntax:

    FOO=value1
    BAR=$FOO

...and we're off to the races.

Self-control - *not* using the cool hack that gives you all that power - is one of the most under-appreciated virtues of programming.

-- Jerry
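
Added example, not part of the original message or of any project's code: a POSIX sh reader for the FOO/BAR config discussed above that treats the file as data instead of sourcing it with ". config". The grammar is an assumption of this example: NAME=literal with an allowlisted character set, plus one reference form, NAME=$OTHER, resolved by table lookup; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: read KEY=value config as data; nothing in it is executed.
# Assumed grammar (not from the post): NAME=literal, or NAME=$OTHER meaning
# "the same as OTHER", where OTHER was set on an earlier line.
LC_ALL=C
NL='
'

is_name() {   # shell-style identifier: [A-Za-z_][A-Za-z0-9_]*
    case $1 in ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;; esac
}

lookup() {    # lookup NAME TABLE: print NAME's value from "K=V" lines
    while IFS= read -r entry; do
        case $entry in "$1="*) printf '%s\n' "${entry#*=}"; return 0 ;; esac
    done <<EOF
$2
EOF
    return 1
}

parse_config() {   # stdin: config text; stdout: resolved KEY=value lines
    table='' n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;
            *=*) ;;
            *) echo "line $n: expected KEY=value" >&2; return 1 ;;
        esac
        key=${line%%=*} val=${line#*=}
        is_name "$key" || { echo "line $n: bad key" >&2; return 1; }
        case $val in
            '$'*)   # the one permitted reference form; no other expansion
                is_name "${val#?}" || { echo "line $n: bad reference" >&2; return 1; }
                val=$(lookup "${val#?}" "$table") ||
                    { echo "line $n: undefined reference" >&2; return 1; } ;;
            *[!A-Za-z0-9_./:@-]*)   # literal values: allowlisted characters only
                echo "line $n: illegal character in value" >&2; return 1 ;;
        esac
        table="$table$key=$val$NL"
    done
    printf '%s' "$table"
}

# Constructed sample input: the two lines from the post.
parse_config <<'EOF'
FOO=value1
BAR=$FOO
EOF
```

A line such as FOO=$(id) is rejected as a bad reference rather than run, which is the difference from sourcing the file.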